Pentagon Makes Love, Not Cyber War, in New Strategy

For one day, at least, you can call off the cyberwar. The Pentagon revealed an unclassified version of its “Strategy for Operating in Cyberspace.” And despite a drumbeat of scare talk and digital sabre-rattling in Washington, the document takes a measured, reasonable approach — focusing on good network hygiene and data-sharing, rather than bombing hackers into submission.

The question is whether this public summary conveys what’s actually in the classified strategy, or reflects the real mood of the Department of Defense.

“DoD would like to be much more aggressive in what it says and how it acts,” says a source familiar with the development of the strategy. “But that tendency to be aggressive has been reined in by the State Department, Treasury, and the White House, and not in an unreasonable way.”

Listen to the talk inside the Washington Beltway — and especially within the Pentagon — and you’d think hackers were about to reach their hands through our computers, and strangle us all in our sleep.

According to the Wall Street Journal, the Pentagon has come to the conclusion that “computer sabotage… can constitute an act of war.” As one military official tells the paper: “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.”

Yet the Pentagon strategy uses tones of cooperation, not confrontation, in the strategy it released today. “By sharing timely indicators about cyber events, threat signatures of malicious code, and information about emerging actors and threats, allies and international partners can increase collective cyber defense,” the document notes. “Cyberspace is a network of networks that includes thousands of ISPs [Internet Service Providers] across the globe; no single state or organization can maintain effective cyber defenses on its own.”

Yes, there are all kinds of bad guys out there on the internet, the strategy adds. But many of them are out for money, not for blood. “The tools and techniques developed by cyber criminals are increasing in sophistication at an incredible rate, and many of these capabilities can be purchased cheaply on the internet.” And the best way to stop these crooks is through strong passwords, up-to-date software, and keeping unclassified disks and drives off of secret systems. “Most vulnerabilities of and malicious acts against DoD systems can be addressed through good cyber hygiene,” document adds.

If there was a nod to the McConnell crowd — who’d like to “reengineer the internet” to make everyone trackable online — it was in the declaration that “DoD will pursue revolutionary technologies that rethink the technological foundations of cyberspace.” But the nod was a subtle one.

Behind closed doors, some Pentagon officials take a much harder line. There have been calls to massively shift Defense Department spending from defensive measures to online offense. Other countries — especially the Chinese, they believe — had infiltrated every corner of the military-industrial complex, and need to be shoved back. Every fresh online break-in brings a fevered call to declare the intrusion an “act of war.”

But that view is not universally shared in Washington. “There is no cyberwar,” White House cyber czar Howard Schmidt has repeatedly said. And those more rational voices helped keep the rhetoric in this Pentagon strategy from overheating.

As one source who watched the strategy develop, says: “This the result of a long, political process.”

But this is hardly the final document, Gen. James “Hoss” Cartwright tells reporters.